[Bro] Conn log shows massive file transfer in between normal browsing

Azoff, Justin S jazoff at illinois.edu
Thu May 17 08:30:40 PDT 2018


> On May 17, 2018, at 9:47 AM, Eric Hacecky <hacecky at jlab.org> wrote:
> 
> I sent a few screenshots and the pcap for 63949 out of band. 3-way handshake not present.
> 
> For clarity, the bro conn log is coming from a sensor that is being fed a decrypted stream of 443 traffic.

Ah, that explains it. It seems whatever device is decrypting the SSL traffic is sending garbage to Bro.



— 
Justin Azoff



